
willow93

  1. Once again .... THANK YOU !!
  2. The computer seems clean ... My parents thank you and ask how to avoid catching these viruses again? Given that they don't download anything!
  3. ############################## | UsbFix 7.048 | [suppression]
     Utilisateur: Proprietaire (Administrateur) # ORDI-BUREAU [ ]
     Mis à jour le 11/06/2011 par TeamXscript
     Lancé à 11:57:40 | 18/06/2011
     Site Web: http://www.teamxscript.org
     Submit your sample: http://www.teamxscript.org/Upload.php
     Contact: TeamXscript.ElDesaparecido@gmail.com
     CPU: AMD Processor model unknown
     Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
     Internet Explorer 8.0.6001.18702
     Pare-feu Windows: Activé
     Antivirus: avast! Antivirus 5.0.100664421 [Enabled | Updated]
     RAM -> 2943 Mo
     C:\ (%systemdrive%) -> Disque fixe # 298 Go (239 Go libre(s) - 80%) [] # NTFS
     D:\ -> CD-ROM
     E:\ -> Disque amovible # 956 Mo (269 Mo libre(s) - 28%) [uDISK] # FAT
     F:\ -> CD-ROM
     Z:\ -> Disque fixe # 932 Go (921 Go libre(s) - 99%) [Naudins disk externe] # NTFS
     ################## | Éléments infectieux |
     Supprimé! C:\Recycler\S-1-5-21-606747145-1004336348-682003330-1004
     Supprimé! Z:\Recycler\S-1-5-21-606747145-1004336348-682003330-1004
     ################## | Registre |
     ################## | Mountpoints2 |
     Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{72e53365-c981-11de-aec0-0026187689d9}
     Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{82cf69c4-9f8c-11de-948a-806d6172696f}
     Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{c1a542fa-6776-11e0-af88-0026187689d9}
     ################## | Vaccin |
     C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
     E:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
     Z:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
     ################## | Upload |
     Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_ORDI-BUREAU.zip
     http://www.teamxscript.org/Upload.php
     Merci de votre contribution.
     ################## | E.O.F |
  4. ############################## | UsbFix 7.048 | [Recherche]
     Utilisateur: Proprietaire (Administrateur) # ORDI-BUREAU [ ]
     Mis à jour le 11/06/2011 par TeamXscript
     Lancé à 23:23:13 | 17/06/2011
     Site Web: http://www.teamxscript.org
     Submit your sample: http://www.teamxscript.org/Upload.php
     Contact: TeamXscript.ElDesaparecido@gmail.com
     CPU: AMD Processor model unknown
     Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
     Internet Explorer 8.0.6001.18702
     Pare-feu Windows: Activé
     Antivirus: avast! Antivirus 5.0.100664421 [(!) Disabled | Updated]
     RAM -> 2943 Mo
     C:\ (%systemdrive%) -> Disque fixe # 298 Go (255 Go libre(s) - 85%) [] # NTFS
     D:\ -> CD-ROM
     E:\ -> Disque amovible # 956 Mo (269 Mo libre(s) - 28%) [uDISK] # FAT
     F:\ -> CD-ROM
     Z:\ -> Disque fixe # 932 Go (921 Go libre(s) - 99%) [Naudins disk externe] # NTFS
     ################## | Éléments infectieux |
     ################## | Registre |
     ################## | Mountpoints2 |
     HKCU\.\.\.\.\Explorer\MountPoints2\{72e53365-c981-11de-aec0-0026187689d9} Shell\AutoRun\Command = G:\InstallTomTomHOME.exe
     HKCU\.\.\.\.\Explorer\MountPoints2\{82cf69c4-9f8c-11de-948a-806d6172696f} Shell\AutoRun\Command = D:\Bin\ASSETUP.exe
     HKCU\.\.\.\.\Explorer\MountPoints2\{c1a542fa-6776-11e0-af88-0026187689d9} Shell\AutoRun\Command = E:\iStudio.exe
     ################## | Vaccin |
     (!) Cet ordinateur n'est pas vacciné!
     ################## | E.O.F |
  5. Looks like we're good:
     Malwarebytes' Anti-Malware 1.51.0.1200
     www.malwarebytes.org
     Version de la base de données: 6880
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     17/06/2011 21:48:24
     mbam-log-2011-06-17 (21-48-24).txt
     Type d'examen: Examen complet (C:\|E:\|Z:\|)
     Elément(s) analysé(s): 202730
     Temps écoulé: 27 minute(s), 24 seconde(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0
     Processus mémoire infecté(s): (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
     Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
     Dossier(s) infecté(s): (Aucun élément nuisible détecté)
     Fichier(s) infecté(s): (Aucun élément nuisible détecté)
     No more avast messages (for now)
  6. Enjoy your meal
     RogueKiller V5.2.3 [16/06/2011] par Tigzy
     contact sur Forum Sciences / Forum Informatique - Sur la Toile (SLT)
     mail: tigzyRK<at>gmail<dot>com
     Remontees: [RogueKiller] Remontées (1/24)
     Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Demarrage : Mode normal
     Utilisateur: Proprietaire [Droits d'admin]
     Mode: Suppression -- Date : 17/06/2011 19:26:28
     Processus malicieux: 0
     Entrees de registre: 3
     [bLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> DELETED
     [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
     Fichier HOSTS:
     Termine : << RKreport[2].txt >>
     RKreport[1].txt ; RKreport[2].txt

     Rapport de ZHPFix 1.12.3316 par Nicolas Coolman, Update du 16/06/2011
     Fichier d'export Registre :
     Run by Proprietaire at 17/06/2011 20:51:49
     Windows XP Home Edition Service Pack 3 (Build 2600)
     Web site : ZHPFix Fix de rapport
     ========== Clé(s) du Registre ==========
     ERREUR CLSID MPSK: {82cf69c4-9f8c-11de-948a-806d6172696f}
     ERREUR Key: Service Legacy: LEGACY_AMSERVICE
     ABSENT Key: Service Legacy: LEGACY_SSHNAS
     SUPPRIME Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler
     SUPPRIME Key: HKLM\Software\Classes\CLSID\{72B3882F-453A-4633-AAC9-8C3DCED62AFF}
     SUPPRIME Key: HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
     ========== Valeur(s) du Registre ==========
     ABSENT IFC: [FEATURE_BROWSER_EMULATION] svchost.exe
     ========== Préférences navigateur ==========
     SUPPRIME Mozilla Pref: user_pref("extensions.asktb.cbid", "H2");
     SUPPRIME Mozilla Pref: user_pref("extensions.asktb.default-channel-url-mask", "http://fr.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}");
     SUPPRIME Mozilla Pref: user_pref("extensions.asktb.fresh-install", false);
     SUPPRIME Mozilla Pref: user_pref("extensions.asktb.l", "dis");
     SUPPRIME Mozilla Pref: user_pref("extensions.asktb.last-config-req", "1261617542164");
     SUPPRIME Mozilla Pref: user_pref("extensions.asktb.locale", "fr_FR");
     SUPPRIME Mozilla Pref: user_pref("extensions.asktb.o", "15455");
     SUPPRIME Mozilla Pref: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
     SUPPRIME Mozilla Pref: user_pref("extensions.asktb.qsrc", "2871");
     SUPPRIME Mozilla Pref: user_pref("extensions.asktb.r", "2");
     ========== Dossier(s) ==========
     SUPPRIME Temporaires Windows: : 72
     SUPPRIME Flash Cookies: 2
     ========== Fichier(s) ==========
     SUPPRIME Temporaires Windows: : 51
     SUPPRIME Flash Cookies: 1
     ========== Récapitulatif ==========
     6 : Clé(s) du Registre
     1 : Valeur(s) du Registre
     2 : Dossier(s)
     2 : Fichier(s)
     10 : Préférences navigateur
     ========== Chemin du fichier rapport ==========
     C:\Program Files\ZHPDiag\ZHPFixReport.txt
     End of the scan
  7. RogueKiller V5.2.3 [16/06/2011] par Tigzy
     contact sur Forum Sciences / Forum Informatique - Sur la Toile (SLT)
     mail: tigzyRK<at>gmail<dot>com
     Remontees: [RogueKiller] Remontées (1/24)
     Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Demarrage : Mode normal
     Utilisateur: Proprietaire [Droits d'admin]
     Mode: Recherche -- Date : 17/06/2011 19:25:55
     Processus malicieux: 0
     Entrees de registre: 3
     [bLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND
     [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     Fichier HOSTS:
     Termine : << RKreport[1].txt >>
     RKreport[1].txt
  8. 2011/06/17 18:50:24.0671 2308 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
     2011/06/17 18:50:24.0859 2308 ================================================================================
     2011/06/17 18:50:24.0859 2308 SystemInfo:
     2011/06/17 18:50:24.0859 2308
     2011/06/17 18:50:24.0859 2308 OS Version: 5.1.2600 ServicePack: 3.0
     2011/06/17 18:50:24.0859 2308 Product type: Workstation
     2011/06/17 18:50:24.0859 2308 ComputerName: ORDI-BUREAU
     2011/06/17 18:50:24.0859 2308 UserName: Proprietaire
     2011/06/17 18:50:24.0859 2308 Windows directory: C:\WINDOWS
     2011/06/17 18:50:24.0859 2308 System windows directory: C:\WINDOWS
     2011/06/17 18:50:24.0859 2308 Processor architecture: Intel x86
     2011/06/17 18:50:24.0859 2308 Number of processors: 1
     2011/06/17 18:50:24.0859 2308 Page size: 0x1000
     2011/06/17 18:50:24.0859 2308 Boot type: Normal boot
     2011/06/17 18:50:24.0875 2308 ================================================================================
     2011/06/17 18:50:25.0453 2308 Initialize success
     2011/06/17 18:50:50.0453 2164 ================================================================================
     2011/06/17 18:50:50.0453 2164 Scan started
     2011/06/17 18:50:50.0453 2164 Mode: Manual;
     2011/06/17 18:50:50.0453 2164 ================================================================================
     2011/06/17 18:50:59.0609 2164 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
     2011/06/17 18:50:59.0609 2164 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
     2011/06/17 18:50:59.0625 2164 sptd - detected LockedFile.Multi.Generic (1)
     2011/06/17 18:51:01.0171 2164 MBR (0x1B8) (dad11e2a62df7f44f938c5059e874339) \Device\Harddisk0\DR0
     2011/06/17 18:51:01.0171 2164 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
     2011/06/17 18:51:01.0171 2164 MBR (0x1B8) (26650c08ac5546b66c62409f7a54ada4) \Device\Harddisk1\DR2
     2011/06/17 18:51:01.0234 2164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR3
     2011/06/17 18:51:01.0296 2164 ================================================================================
     2011/06/17 18:51:01.0296 2164 Scan finished
     2011/06/17 18:51:01.0296 2164 ================================================================================
     2011/06/17 18:51:01.0312 2152 Detected object count: 2
     2011/06/17 18:51:01.0312 2152 Actual detected object count: 2
     2011/06/17 18:51:21.0156 2152 LockedFile.Multi.Generic(sptd) - User select action: Skip
     2011/06/17 18:51:21.0187 2152 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
     2011/06/17 18:51:21.0187 2152 \Device\Harddisk0\DR0 - ok
     2011/06/17 18:51:21.0187 2152 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
     2011/06/17 18:52:08.0453 3800 Deinitialize success
     Edit: it may be related, but the upload is working again now: http://www.cijoint.fr/cjlink.php?file=cj201106/cijaU4bXXw.txt
  9. Very strange, I can't upload the file... on any of the links you gave me... "La connexion a été réinitialisée La connexion avec le serveur a été réinitialisée pendant le chargement de la page." Edit: I saw your message, no, you're actually rather very fast! OK, I won't say anything more
  10. By the way, the Svchost.exe process is using a huge amount of resources that grows over time (167 204 KB); maybe we should dig in that direction?
  11. FYI, this is my parents' PC, and they're a bit of noobs... Scan report:
      ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
      Mis à jour par TeamXscript le 12/04/11
      Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
      Site web: http://www.teamxscript.org
      C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 17:51:56 le 17/06/2011, Mode normal
      Microsoft Windows XP Édition familiale Service Pack 3 (X86)
      Proprietaire@ORDI-BUREAU ( )
      ============== RECHERCHE ==============
      Fichier trouvé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
      Fichier trouvé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
      Fichier trouvé: C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default\searchplugins\askcom.xml
      Dossier trouvé: C:\Documents and Settings\Proprietaire\Local Settings\Application Data\AskToolbar
      -- Fichier ouvert: C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default\Prefs.js --
      Ligne trouvée: user_pref("browser.search.defaultengine", "Ask.com");
      Ligne trouvée: user_pref("browser.search.defaultenginename", "Ask.com");
      Ligne trouvée: user_pref("browser.search.order.1", "Ask.com");
      Ligne trouvée: user_pref("extensions.asktb.cbid", "H2");
      Ligne trouvée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&...
      Ligne trouvée: user_pref("extensions.asktb.fresh-install", false);
      Ligne trouvée: user_pref("extensions.asktb.l", "dis");
      Ligne trouvée: user_pref("extensions.asktb.last-config-req", "1261617542164");
      Ligne trouvée: user_pref("extensions.asktb.locale", "fr_FR");
      Ligne trouvée: user_pref("extensions.asktb.o", "15455");
      Ligne trouvée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
      Ligne trouvée: user_pref("extensions.asktb.qsrc", "2871");
      Ligne trouvée: user_pref("extensions.asktb.r", "2");
      -- Fichier Fermé --
      ============== SCAN ADDITIONNEL ==============
      **** Mozilla Firefox Version [4.0.1 (fr)] ****
      HKLM_MozillaPlugins\Adobe Reader (x)
      Searchplugins\bing.xml ( hxxp://www.bing.com/search)
      Searchplugins\pucuy.xml (hxxp://www.pucuy.com/google)
      Components\AskHPRFF.js
      Components\browsercomps.dll (Mozilla Foundation)
      -- C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default --
      Extensions\toolbar@iadah.com (?)
      Extensions\z0rya@free.fr (zoryazilla)
      Searchplugins\askcom.xml (?)
      Searchplugins\iadah.xml (<SearchPlugin xmlns=hxxp://www.mozilla.org/2006/browser/search/<ShortNameiadah</ShortName<Descriptioniadah</Description<...)
      Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Proprietaire\\Mes documents\\Annie
      Prefs.js - browser.search.defaultenginename, Ask.com
      Prefs.js - browser.search.selectedEngine, Google
      Prefs.js - browser.startup.homepage, hxxps://www.google.fr
      Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
      Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
      Prefs.js - keyword.URL, hxxp://www.iadah.com/web-B-8?search&q=
      ========================================
      **** Internet Explorer Version [8.0.6001.18702] ****
      HKCU_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
      HKCU_Main|Default_Search_URL - hxxp://www.google.com/ie
      HKCU_Main|Search Page - hxxp://www.google.com
      HKCU_Main|Start Page - hxxps://www.facebook.com
      HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
      HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
      HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
      HKLM_Main|Start Page - hxxp://www.pucuy.com/
      HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll)
      HKCU_SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2EAA} - "Search" (hxxp://www.pucuy.com/google?q={searchTerms}&sa=Search&cx=partner-pub-35468619388...)
      HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=BT4&o=15455&src=crm&q={searchTerm...)
HKCU_SearchScopes\{e3dccd12-aa1a-48c5-a38b-518a9c35992f} - "iadah" (hxxp://www.iadah.com/web-B-8?search&q={searchTerms}) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x) HKLM_Toolbar|{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} (C:\Program Files\DevNet\Toolbar\DevNet.dll) HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) HKCU_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (x) HKCU_ElevationPolicy\{D3DE705E-0BB6-47E6-AB61-6FF78BE040A0} - C:\Program Files\Internet Explorer\minftnet.exe (Synersoft) HKLM_ElevationPolicy\{43023B0B-C598-4935-808C-990E0C700723} - C:\Program Files\DevNet\Toolbar\DevNetUpdater.exe (DevNet) HKLM_ElevationPolicy\{569591D2-F221-4115-9A89-762956BEB3C0} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe (?) HKLM_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (x) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{2E59C859-1AF3-0080-5D44-BD22E7CE3009} - "?" (c:\windows\system32\uxatbtdb.dll) (x) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! 
WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s) C:\Program Files\Ad-Remover\Backup: 1 Fichier(s) C:\Ad-Report-SCAN[1].txt - 17/06/2011 17:55:10 (3963 Octet(s)) Fin à: 17:56:41, 17/06/2011 ============== E.O.F ============== Clean report: ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 17:59:17 le 17/06/2011, Mode normal Microsoft Windows XP Édition familiale Service Pack 3 (X86) Proprietaire@ORDI-BUREAU ( ) ============== ACTION(S) ============== Fichier supprimé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js Fichier supprimé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Fichier supprimé: C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default\searchplugins\askcom.xml Dossier supprimé: C:\Documents and Settings\Proprietaire\Local Settings\Application Data\AskToolbar (!) -- Fichiers temporaires supprimés. -- Fichier ouvert: C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default\Prefs.js -- Ligne supprimée: user_pref("browser.search.defaultengine", "Ask.com"); Ligne supprimée: user_pref("browser.search.defaultenginename", "Ask.com"); Ligne supprimée: user_pref("browser.search.order.1", "Ask.com"); Ligne supprimée: user_pref("extensions.asktb.cbid", "H2"); Ligne supprimée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&... 
Ligne supprimée: user_pref("extensions.asktb.fresh-install", false); Ligne supprimée: user_pref("extensions.asktb.l", "dis"); Ligne supprimée: user_pref("extensions.asktb.last-config-req", "1261617542164"); Ligne supprimée: user_pref("extensions.asktb.locale", "fr_FR"); Ligne supprimée: user_pref("extensions.asktb.o", "15455"); Ligne supprimée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Ligne supprimée: user_pref("extensions.asktb.qsrc", "2871"); Ligne supprimée: user_pref("extensions.asktb.r", "2"); -- Fichier Fermé -- Clé supprimée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Clé supprimée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Clé supprimée: HKCU\Software\Ask.com Clé supprimée: HKCU\Software\AskToolbar Clé supprimée: HKCU\Software\AppDataLow\AskBarDis Clé supprimée: HKCU\Software\AppDataLow\AskHomePage Clé supprimée: HKCU\Software\AppDataLow\AskToolbarInfo Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [4.0.1 (fr)] **** HKLM_MozillaPlugins\Adobe Reader (x) Searchplugins\bing.xml ( hxxp://www.bing.com/search) Searchplugins\pucuy.xml (hxxp://www.pucuy.com/google) Components\browsercomps.dll (Mozilla Foundation) -- C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default -- Extensions\toolbar@iadah.com (?) Extensions\z0rya@free.fr (zoryazilla) Searchplugins\iadah.xml (<SearchPlugin xmlns=hxxp://www.mozilla.org/2006/browser/search/<ShortNameiadah</ShortName<Descriptioniadah</Description<...) 
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Proprietaire\\Mes documents\\Annie Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxps://www.google.fr Prefs.js - browser.startup.homepage_override.buildID, 20110413222027 Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1 Prefs.js - keyword.URL, hxxp://www.iadah.com/web-B-8?search&q= ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll) HKCU_SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2EAA} - "Search" (hxxp://www.pucuy.com/google?q={searchTerms}&sa=Search&cx=partner-pub-35468619388...) 
HKCU_SearchScopes\{e3dccd12-aa1a-48c5-a38b-518a9c35992f} - "iadah" (hxxp://www.iadah.com/web-B-8?search&q={searchTerms}) HKLM_Toolbar|{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} (C:\Program Files\DevNet\Toolbar\DevNet.dll) HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) HKCU_ElevationPolicy\{D3DE705E-0BB6-47E6-AB61-6FF78BE040A0} - C:\Program Files\Internet Explorer\minftnet.exe (Synersoft) HKLM_ElevationPolicy\{43023B0B-C598-4935-808C-990E0C700723} - C:\Program Files\DevNet\Toolbar\DevNetUpdater.exe (DevNet) HKLM_ElevationPolicy\{569591D2-F221-4115-9A89-762956BEB3C0} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{2E59C859-1AF3-0080-5D44-BD22E7CE3009} - "?" (c:\windows\system32\uxatbtdb.dll) (x) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 5 Fichier(s) C:\Program Files\Ad-Remover\Backup: 15 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 17/06/2011 17:59:29 (4090 Octet(s)) C:\Ad-Report-SCAN[1].txt - 17/06/2011 17:55:10 (7770 Octet(s)) Fin à: 18:01:26, 17/06/2011 ============== E.O.F ============== Still a message from avast...
  12. For the record, Avast still detects a threat on svchost. I ran HijackThis again, here is the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:37:04, on 17/06/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\program files\real\realplayer\update\realsched.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\alg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe C:\Documents and Settings\Proprietaire\Mes 
documents\Téléchargements\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Navigateur incompatible | Facebook R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = pucuy.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {2E59C859-1AF3-0080-5D44-BD22E7CE3009} - c:\windows\system32\uxatbtdb.dll (file missing) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Iadah Toolbar - {3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} - C:\Program Files\DevNet\Toolbar\DevNet.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_SE6.tmp" /EF "HKCU" O4 - HKCU\..\Run: [5X5WWG2X4H9D6B4XAQHOHZEHTGIJ] C:\wins.Bin\353F139947E.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - 
res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9CA2FBF0-EF75-4B29-AA1B-E7D88382756E}: NameServer = 192.168.1.1 O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 9249 bytes
  13. Thanks for your quick reply. Here is the report: All processes killed Error: Unable to interpret <Go> in the current context! ========== FILES ========== c:\program files\Ask.com folder moved successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 115616 bytes ->Temporary Internet Files folder emptied: 29297652 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 11598 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 478434636 bytes ->Java cache emptied: 44187 bytes ->Flash cache emptied: 19961 bytes User: Proprietaire ->Temp folder emptied: 496265748 bytes ->Temporary Internet Files folder emptied: 21804769 bytes ->Java cache emptied: 1169078 bytes ->FireFox cache emptied: 97774167 bytes ->Google Chrome cache emptied: 6138516 bytes ->Flash cache emptied: 116950 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 104825353 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 133825453 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 590947073 bytes Total Files Cleaned = 1 870,00 mb OTM by OldTimer - Version 3.1.18.0 log created on 06172011_171501 Files moved on Reboot... C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W2VCUD84\search[4].txt moved successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QH5LDSLE\activityi;src=2507573;type=ads-a681;cat=ads-a455;ord=6557592470850[1].htm moved successfully. File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QH5LDSLE\google_fr[1].txt not found! 
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Q8PLHB23\language_tools[1].txt moved successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OXWWETX6\search[3].txt moved successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OXWWETX6\search[4].txt moved successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CYXIJ5OT\search[3].txt moved successfully. File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9V28QC3Q\js_minified[2].js not found! File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6G925CP5\TOS[1].txt not found! File C:\Documents and Settings\Proprietaire\Local Settings\Temp\Répertoire temporaire 2 pour Pinnacle Studio 9.4.3 Multilanguage Claves De Activacion Hollywood Fx 5.1 Plus Extra Packs Maunal Y Efectos.par.eMule-Paradise.com.zip\MANUAL Completo - Pinnacle Studio 9 en Español [uge not found! File C:\Documents and Settings\Proprietaire\Local Settings\Temp\Répertoire temporaire 1 pour Pinnacle Studio 9.4.3 Multilanguage Claves De Activacion Hollywood Fx 5.1 Plus Extra Packs Maunal Y Efectos.par.eMule-Paradise.com.zip\MANUAL Completo - Pinnacle Studio 9 en Español [uge not found! C:\Documents and Settings\Proprietaire\Local Settings\Temporary Internet Files\Content.IE5\S2LN7M67\list-item-plus[1].png moved successfully. C:\Documents and Settings\Proprietaire\Local Settings\Temporary Internet Files\Content.IE5\6NZ2I8O1\background_button_green_full[1].png moved successfully. File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...
  14. Hello, I tried to remove several viruses/malware without success (with Avast and Antivir + Malwarebytes). Here is the HijackThis report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:32:28, on 17/06/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\svchost.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\firefox.exe 
C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Proprietaire\Mes documents\Téléchargements\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Navigateur incompatible | Facebook R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = pucuy.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {2E59C859-1AF3-0080-5D44-BD22E7CE3009} - c:\windows\system32\uxatbtdb.dll (file missing) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Iadah Toolbar - {3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} - C:\Program Files\DevNet\Toolbar\DevNet.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_SE6.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [5X5WWG2X4H9D6B4XAQHOHZEHTGIJ] C:\wins.Bin\353F139947E.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CA2FBF0-EF75-4B29-AA1B-E7D88382756E}: NameServer = 192.168.1.1
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
-- End of file - 9721 bytes
  15. Is there no one to help me?